To set expectations: Microsoft is not adding Windows Vista features to Windows XP through SP3. SP3 does, however, include the Network Access Protection (NAP) client.
The NAP client lets Windows XP take part in NAP enforcement alongside Windows Server 2008 and Windows Vista.
NAP is a policy enforcement platform built into Windows Vista, Windows Server 2008 and Windows XP SP3 with which a system administrator can better protect network assets by enforcing compliance with system health requirements. Using NAP, an administrator can create customized health policies to validate a computer's health before allowing it access or communication; automatically update compliant computers to ensure ongoing compliance; and optionally confine noncompliant computers to a restricted network until they become compliant.
In function Windows NAP is similar to Sophos NAC or Cisco NAC, and this class of product is becoming more common in enterprise environments to protect sensitive data and network resources. Keep in mind that NAP, like any health-check-based NAC, relies on the client reporting its own state: it raises the bar for unmanaged or out-of-date machines rather than stopping a deliberately hostile one.
Sunday, April 27, 2008
Monday, April 14, 2008
Five Ways Your Best Employees Can Compromise Your Network
Windows XP useful Tools
Many third-party Windows tools are very useful; TCPView is one example.
TCPView is a Windows program developed by Sysinternals, which is now part of Microsoft. It shows the administrator detailed listings of all TCP and UDP endpoints on Windows 2000, Windows XP and Windows 2003, including the local and remote addresses and the state of each TCP connection.
On Windows NT, 2000 and XP, TCPView also reports the name of the process that owns each endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows.
Note one small issue with this program: when run from a floppy it does not display process names.
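The endpoint-to-process join that TCPView does for you can also be scripted from the built-in tools, which is handy when you cannot copy a binary onto a box. The following is an added example (not from the post or from Sysinternals): it parses the output of `netstat -ano` and `tasklist /fo csv`, joins them on PID, and lists the sockets bound to every interface. Both sample outputs are constructed for the example, not captured from a real host.

```python
import csv
import io
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "proto local_addr local_port remote state pid process")

# Constructed sample of `netstat -ano` output on Windows XP (not captured from a real host).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1896
  TCP    192.168.1.10:1087      203.0.113.5:80         ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    1056
"""

# Constructed sample of `tasklist /fo csv` output for the same host.
TASKLIST_CSV = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","944","Console","0","4,520 K"
"lsass.exe","1056","Console","0","6,100 K"
"alg.exe","1896","Console","0","3,400 K"
"iexplore.exe","3120","Console","0","28,000 K"
"""


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(row["PID"]): row["Image Name"] for row in csv.DictReader(io.StringIO(text))}


def parse_netstat(text, pid_names):
    """Turn `netstat -ano` rows into Endpoint records, joining the owning process by PID."""
    endpoints = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("TCP", "UDP"):
            continue  # banner, blank and header lines
        proto, local, remote = tok[0], tok[1], tok[2]
        state = tok[3] if proto == "TCP" else ""  # UDP rows carry no State column
        pid = int(tok[-1])
        addr, port = local.rsplit(":", 1)  # rsplit so IPv6 literals with colons survive
        endpoints.append(Endpoint(proto, addr, int(port), remote, state, pid,
                                  pid_names.get(pid, "<unknown>")))
    return endpoints


def exposed_listeners(endpoints):
    """Sockets reachable from every interface: TCP listeners and UDP sockets bound to 0.0.0.0."""
    return [e for e in endpoints
            if e.local_addr == "0.0.0.0" and (e.proto == "UDP" or e.state == "LISTENING")]


if __name__ == "__main__":
    eps = parse_netstat(NETSTAT_ANO, parse_tasklist(TASKLIST_CSV))
    for e in exposed_listeners(eps):
        print(f"{e.proto:<4} {e.local_addr}:{e.local_port:<6} pid={e.pid:<5} {e.process}")
```

On a live host, feed the two functions the real command output (for example via `subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout`); run from an administrator account so that PIDs and image names are reported for every process.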
Friday, April 11, 2008
QMT-ISO Problem
I plan to use Qmail Toaster to replace my old sendmail box as the new e-mail server for my company.
I used QMT-ISO ver 1.4, which runs under CentOS 4.6. I like this Qmail Toaster very much; however, I found a few problems:
1. User passwords are displayed in clear text in the vqmailadmin web management interface.
2. I can't use the Qmail Toaster admin page to change the admin login password.
So may I know who has a solution to both problems I am facing?
Wednesday, April 9, 2008
Upgrading from FreeBSD 6.X to FreeBSD 7.X
o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT
o # install backward compatibility files
# (locale data to /usr/local/share/compat/, libraries to /usr/local/lib/compat/)
# notice: via binary packages as FreeBSD 7.x ports cannot be installed under FreeBSD 6.X
$ url="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All"; \
( cd /tmp; for pkg in localedata-5.4.tbz compat6x-i386-6.2.602110.200706.tbz; do \
fetch -p $url/$pkg; pkg_add $pkg; rm -f $pkg; \
done )
o # install latest FreeBSD Upgrade Toolkit
$ cd /usr; \
fetch http://people.freebsd.org/~rse/dist/freebsd-adm-1.2.2.tar.gz; \
rm -rf adm; gunzip <freebsd-adm-1.2.2.tar.gz | tar xvf -
# (unpack step assumed: the original line was garbled; the toolkit must end up in /usr/adm)
(later replace "." with "RELENG_7")
o # upgrade /usr/src (already required for "mergemaster -p" below!)
$ (cd /usr/src && make cleandir); \
(cd /usr/adm && make update)
o # upgrade kernel configuration
$ vi /sys/`uname -m`/conf/`hostname -s | tr 'a-z' 'A-Z'`
>> options COMPAT_FREEBSD6
>> options SCTP # Stream Transmission Control Protocol
>> options UFS_GJOURNAL # Enable gjournal-based UFS
>> options STOP_NMI # Stop CPUS using NMI instead of IPI
>> options AUDIT # Security event auditing
>> options GEOM_LABEL # Provides labelization
<<>> options GEOM_PART_GPT # GUID Partition Tables.
<<>> options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!]
>> device uart # Generic UART driver
<<>> device le # AMD Am7900 LANCE and Am79C9xx PCnet
>> device firmware # firmware assist module
>> device dcons # Dumb console driver
>> device dcons_crom # Configuration ROM for dcons
o # prepare the upgrade
# (mainly create "ftp" group)
$ mergemaster -p
o # build new system
$ cd /usr/adm && make world-build kernel-build
---- INSTALL ----------------------------------------------------------------
o # upgrade system
$ make world-install kernel-install
o # cleanup system (part 1)
$ rm -f /etc/rc.d/ike /etc/rc.d/pccard /etc/rc.d/pcvt /etc/rc.d/ramdisk
$ rm -f /etc/rc.d/ramdisk-own /etc/rc.d/usbd
$ make etc
$ make clean
o # reboot into upgraded system
$ shutdown -r now
---- CLEANUP ----------------------------------------------------------------
o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT
o # cleanup system (part 2)
$ ( for dir in /bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/libdata; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) >/tmp/remove
$ vi /tmp/remove
# REVIEW FILES TO REMOVE MANUALLY
$ cat /tmp/remove | xargs rm -f
$ ( for dir in /lib /usr/lib; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) | grep -v /usr/lib/compat >/tmp/move
$ vi /tmp/move
# REVIEW FILES TO MOVE MANUALLY
$ for x in `cat /tmp/move`; do chflags noschg $x; mv $x /usr/lib/compat/; done
$ cd /usr/src; make BATCH_DELETE_OLD_FILES=YES delete-old delete-old-libs
o # reboot into cleaned system
# (mainly to reload the shared library cache and to
# make sure everything really still works fine)
$ shutdown -r now
ATTENTION: THIS UPGRADE PROCEDURE MIGHT NOT WORK FOR YOU AS YOUR
ENVIRONMENT IS DIFFERENT. ALSO, THIS UPGRADE PROCEDURE MIGHT DESTROY
YOUR SYSTEM AND YOU POTENTIALLY MIGHT LOSE DATA. NO WARRANTY AT ALL.
USE IT AT YOUR OWN RISK!
Author: Ralf S. Engelschall
Created: 2007-05-24
Modified: 2007-07-13
Version: 1.0
Tuesday, April 8, 2008
Kernel Tuneable Security Parameters
Each tunable kernel parameter below has to be added to the /etc/sysctl.conf configuration file to make the change permanent across
reboots. To activate the configured kernel parameters immediately at run time, use:
# sysctl -p
The net.ipv4.conf.all.* keys govern the interfaces that exist now; set the matching net.ipv4.conf.default.* keys to the same values so that interfaces brought up later inherit them.
1. Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1
2. Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0
3. Disable source routing
net.ipv4.conf.all.accept_source_route = 0
4. Enable IP spoofing protection (reverse-path filtering)
net.ipv4.conf.all.rp_filter = 1
5. Ignore all ICMP echo requests (this stops the host answering ping at all, which also breaks legitimate reachability monitoring; many sites leave it at 0 and filter ICMP at the firewall instead)
net.ipv4.icmp_echo_ignore_all = 1
6. Ignore ICMP echo requests sent to broadcast addresses (smurf protection)
net.ipv4.icmp_echo_ignore_broadcasts = 1
7. Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1
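Writing the values into sysctl.conf once is the easy part; what bites later is drift, when a package or an administrator flips one back. The following is an added example (not from the post): it keeps the seven settings above as a baseline, renders the sysctl.conf fragment, and audits `sysctl -a` style output against the baseline. The sample output is constructed for the example, not captured from a real host.

```python
import re

# The seven settings from the post (key names as the kernel actually spells them).
BASELINE = {
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.icmp_echo_ignore_all": "1",
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "net.ipv4.icmp_ignore_bogus_error_responses": "1",
}

# Constructed excerpt of `sysctl -a` output from a host that has drifted (not a real capture).
SAMPLE_SYSCTL_A = """\
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
"""

_LINE = re.compile(r"^\s*([\w.]+)\s*=\s*(\S+)")


def parse_sysctl(text):
    """Parse 'key = value' lines as printed by `sysctl -a` or written in sysctl.conf."""
    values = {}
    for line in text.splitlines():
        m = _LINE.match(line.split("#", 1)[0])  # drop trailing comments
        if m:
            values[m.group(1)] = m.group(2)
    return values


def audit(text, baseline=BASELINE):
    """(key, expected, actual) for each baseline key that is missing or differs."""
    current = parse_sysctl(text)
    return [(k, want, current.get(k)) for k, want in baseline.items()
            if current.get(k) != want]


def render_conf(baseline=BASELINE):
    """sysctl.conf fragment that restores the baseline; load it with `sysctl -p FILE`."""
    return "".join(f"{k} = {v}\n" for k, v in baseline.items())


if __name__ == "__main__":
    for key, want, have in audit(SAMPLE_SYSCTL_A):
        print(f"DRIFT {key}: expected {want}, found {have}")
```

Run it from cron with the real `sysctl -a` output piped into `audit()` and alert on a non-empty result; a missing key (actual `None`) usually means the module or address family is not loaded rather than a deliberate change.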
Thursday, April 3, 2008
Checking Integrity of Windows System Files
One easy way to check the system files on the newer versions of Windows (2000 and XP) is to run sigverif, the File Signature Verification tool.
To run it, click Start, click Run, type "sigverif", and then click OK. Click Advanced, select "Look for other files that are not digitally signed", and then point it at C:\WINNT or C:\Windows depending on the version of Windows.
The tool checks the digital signatures on the system files and lists any that are unsigned or whose signature does not verify. Be aware that its output can be very verbose, since it will of course also report files that are never signed, such as log files. A file whose signature fails to verify deserves investigation; an unsigned file is not by itself proof of tampering, and a validly signed file can still be an outdated, vulnerable component.
Wednesday, April 2, 2008
Unified Threat Management
Unified Threat Management (UTM) is the name for an emerging trend in the security appliance market. UTM appliances are an evolution of traditional firewall and VPN appliances into a product with many additional capabilities, such as URL filtering, spam blocking, spyware protection, intrusion prevention, gateway antivirus, and centralized management, monitoring and logging. These functions were traditionally handled by multiple systems.
Why Unified Threat Management?
Unified Threat Management solutions are cost-effective.
- Integrating multiple security capabilities into a single appliance means you can purchase and run fewer appliances, avoiding the cost of building layered security from separately purchased products.
Stops attacks at the network gateway to keep your business moving
- The multifunctional approach of a UTM appliance lets you block a broad range of network threats before they have the opportunity to enter your network.
Easy to set up and use
- Separate security systems mean a separate management console for each. Because the management paradigms of these systems are typically very different, it can be very time consuming to make sure the policies on each system work together and provide adequate protection. In addition, log information from each system is stored in different formats in different locations, making detection and analysis of security events difficult.
Whether you are an IT expert or a security novice, a UTM solution with centralized management, monitoring and logging makes configuring and managing your security far easier. It makes it easy to build coherent security policies, simplifies administration tasks such as log file management, auditing and compliance reporting, and lowers operational cost compared with the complexity of setting up separate systems against each specific threat. The trade-off to keep in mind is that consolidating everything onto one box also makes that box a single point of failure and a single point of compromise, so its own patching, hardening and redundancy deserve corresponding attention.
Tuesday, April 1, 2008
Securing an Internet Name Server
Name servers exposed to the Internet are subject to a wide variety of attacks:
• Attacks against the name server software may allow an intruder to compromise the server and take control of the host.
• Denial of service attacks, even one directed at a single DNS server, may affect an entire network by preventing users from translating hostnames into the IP addresses they need.
• Spoofing attacks that try to induce your name server to cache false resource records, which could lead unsuspecting users to hostile sites.
• Information leakage from a seemingly innocent zone transfer could expose internal network topology information that can be used to plan further attacks.
• A name server could even be an unwitting participant in attacks on other sites (an open recursive resolver is a ready-made traffic amplifier).
How to Protect your Name Server (BIND 8/9)
1. Restrict zone transfers
With BIND 8 or 9, use the allow-transfer substatement, either globally in the options block:
options {
    allow-transfer { 192.168.4.154; };
};
or for a specific zone:
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { 192.168.4.154; };
};
Verify from a host that is not listed: dig @your-server example.com AXFR should answer "Transfer failed." instead of dumping the zone.
2. Authenticate zone transfers with TSIG (Transaction Signatures)
TSIG attaches an HMAC keyed with a shared secret to each DNS message exchanged between the two servers, so the master only serves the zone to a peer that holds the key. It authenticates the transaction, not the zone data itself; signing the data is what DNSSEC does. On the master:
key tsig-signing. {
    algorithm hmac-md5;
    secret "Secret Key Here";
};
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { key tsig-signing.; };
};
Correspondingly, the slave name server must hold the same key and use it for every message to the master:
key tsig-signing. {
    algorithm hmac-md5;
    secret "Secret Key Here";
};
server 192.168.4.47 {
    transfer-format many-answers;
    keys { tsig-signing.; };
};
zone "example.com" {
    type slave;
    masters { 192.168.4.47; };
    file "bak.example.com";
    allow-transfer { none; };
};
The secret placeholder must be replaced with a base64 string (for example the output of openssl rand -base64 32); named refuses to load a key whose secret is not valid base64. Newer BIND 9 releases also accept hmac-sha256, which is preferable to hmac-md5 where both ends support it, and the file holding the key should be readable only by the user named runs as.
3. Run your name server as a user other than root (BIND 8.1.2 and up), e.g. named -u named.
4. Run your name server in a chroot() "jail", e.g. named -u named -t /var/named, copying only the files named needs into the jail.
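Generating the shared secret and producing both sides of the configuration in one place avoids the usual mismatches (different key names, a secret that is not base64, a slave that still allows transfers). The following is an added example, not from the post or from ISC: it emits the master and slave stanzas for the post's zone and addresses, and audits a named.conf fragment for the weak settings discussed above. The key name is the post's; the choice of hmac-sha256 assumes a BIND 9 build that supports SHA-2 TSIG, and the weak configuration at the end is constructed for the example.

```python
import base64
import re
import secrets

# Zone and addresses from the post; key name from the post; algorithm is this example's choice.
ZONE = "example.com"
MASTER_IP = "192.168.4.47"
KEY_NAME = "tsig-signing."
ALGORITHM = "hmac-sha256"   # assumes a BIND 9 build that supports SHA-2 TSIG


def make_secret(nbytes=32):
    """Fresh shared secret, base64-encoded as named.conf requires."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


def key_stanza(secret):
    return (f'key "{KEY_NAME}" {{\n'
            f'    algorithm {ALGORITHM};\n'
            f'    secret "{secret}";\n'
            '};\n')


def master_conf(secret):
    """named.conf fragment for the master: only holders of the key may transfer the zone."""
    return (key_stanza(secret) +
            f'zone "{ZONE}" {{\n'
            '    type master;\n'
            f'    file "db.{ZONE}";\n'
            f'    allow-transfer {{ key "{KEY_NAME}"; }};\n'
            '};\n')


def slave_conf(secret):
    """named.conf fragment for the slave: sign every message to the master, offer no transfers."""
    return (key_stanza(secret) +
            f'server {MASTER_IP} {{\n'
            '    transfer-format many-answers;\n'
            f'    keys {{ "{KEY_NAME}"; }};\n'
            '};\n'
            f'zone "{ZONE}" {{\n'
            '    type slave;\n'
            f'    masters {{ {MASTER_IP}; }};\n'
            f'    file "bak.{ZONE}";\n'
            '    allow-transfer { none; };\n'
            '};\n')


def audit_conf(text):
    """Findings for the mistakes the post warns about: open transfers, weak or malformed TSIG keys."""
    findings = []
    if re.search(r'allow-transfer\s*\{\s*any\s*;', text):
        findings.append("allow-transfer { any; } lets any host pull the zone")
    for m in re.finditer(r'algorithm\s+([\w.-]+)\s*;', text):
        if m.group(1).lower().startswith("hmac-md5"):
            findings.append(f"weak TSIG algorithm {m.group(1)}")
    for m in re.finditer(r'secret\s+"([^"]*)"\s*;', text):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:  # binascii.Error is a ValueError
            findings.append("secret is not valid base64 (named will refuse to load it)")
            continue
        if len(raw) < 16:
            findings.append(f"secret is only {len(raw)} bytes")
    return findings


# Constructed weak configuration in the shape of a first attempt at the post's master stanza.
WEAK_CONF = """\
key tsig-signing. {
    algorithm hmac-md5;
    secret " Secret Key Here";
};
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { any; };
};
"""

if __name__ == "__main__":
    secret = make_secret()
    print(master_conf(secret))
    print(slave_conf(secret))
    print("weak config findings:", audit_conf(WEAK_CONF))
```

Paste the two fragments into the respective named.conf files (or include them from a mode 0640 file owned by the named user), then confirm from the slave that dig @192.168.4.47 example.com AXFR fails without the key and succeeds with `-y hmac-sha256:tsig-signing.:SECRET`.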